1

Okay, this just feels plain nasty, but I've been directed to do it, and just wanted to run it past some people who actually have a clue, so they can point out all the massive holes in it.....so here goes.....

We've got this legacy site & a new public beta-test one. Apparently it's super cereal that moving from one to the other is seamless, so in a manner of speaking, we need a single sign-on solution.

As we're not allowed to put any serious development into the legacy site (it's also in old-school ASP, a language I don't care to learn), I can't do a proper single sign-on solution, so I proposed the following: On login, the legacy site performs an AJAX post to the login controller of the new beta site, logging the user in there; it then simply proceeds with the login on the legacy site as normal. This may not be acceptable as there's code to prevent a user from being logged on twice; I'm not sure if it's been written to apply across sites.

The other idea I had was to pass a salted hash of the user's details across with their username when they try to access the 2nd site. If the hash matches the details of the user, then access is granted. This would need ASP development obviously as generating the hash on the client side would only serve to enhance the idiocy even further.

Does anyone have any thoughts?

dochead
  • @Greg, I'm guessing that was supposed to be "critical", but there are some letters missing. And some other letters in there. In a different order. And stuff. :-) – John Parker Aug 01 '10 at 20:55
  • Ah! That would make more sense. – Greg Hewgill Aug 01 '10 at 21:08
  • It was a South Park reference actually. I'm trying to imply that while someone thought it was a very big deal that we got it working, I believe it's a complete waste of time. – dochead Aug 02 '10 at 07:33
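
The second idea in the question (a hash passed along with the username), sketched as an added example that is not part of the original post: a keyed HMAC over the username, an issue time and a single-use nonce, because a static hash of the user's details stays valid forever once it has been observed. Python is used for illustration only; `SHARED_KEY`, the token layout and the 60-second window are assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time

# Constructed key for the example; both sites would load the real one from
# server-side configuration, never from anything sent to the browser.
SHARED_KEY = b"constructed-example-key-not-for-production"
MAX_AGE_SECONDS = 60      # assumed handoff window
_seen_nonces = set()      # demo replay cache; a real site needs a shared store with expiry


def _b64(raw):
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _sign(payload, key):
    return _b64(hmac.new(key, payload, hashlib.sha256).digest())


def issue_token(username, key=SHARED_KEY, now=None):
    """Legacy-site side: build 'b64(username).issued_at.nonce.mac' for the redirect."""
    issued = int(time.time() if now is None else now)
    payload = f"{_b64(username.encode())}.{issued}.{secrets.token_urlsafe(16)}"
    return f"{payload}.{_sign(payload.encode(), key)}"


def verify_token(token, key=SHARED_KEY, now=None):
    """New-site side: return the username, or None if the token must be rejected."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 4:
        return None
    user, issued, nonce, mac = parts
    payload = f"{user}.{issued}.{nonce}".encode()
    # Check the MAC first, in constant time, before trusting any field.
    if not hmac.compare_digest(_sign(payload, key).encode(), mac.encode()):
        return None
    if not issued.isdigit() or not 0 <= now - int(issued) <= MAX_AGE_SECONDS:
        return None       # stale, or issued "in the future" (clock skew)
    if nonce in _seen_nonces:
        return None       # replay of a token that was already accepted
    _seen_nonces.add(nonce)
    return base64.urlsafe_b64decode(user + "=" * (-len(user) % 4)).decode()
```

The token still travels through the browser, so both sites need HTTPS for the handoff, and the new site should start its own session after verification rather than keep accepting the token.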

2 Answers

0

The old ASP site must have some concept of a session if it requires a logon. You will, at a minimum, need to understand how to provide the session information to the legacy site and splice some code in to keep it copacetic if both sites need to be kept up indefinitely.

"Classic" ASP isn't so bad if you can read/write VB6, VBA, VBScript or VB.net. It probably won't be difficult to graft session initialization provided the code is halfway decent.

Consider creating a common logon page for both sites + either an automatic redirect based on either the requested URL (I'm guessing the old and new sites have distinct URLs) or cookies passed with the request (the old site, if it used cookies, could identify a legacy user). This common logon page could initialize session on both the legacy site (only if required by user type) and on the new site. This will allow you to keep your new logon process unencumbered by the legacy process while maintaining the old as long as required.

Tahbaza
0

Bear in mind that your first approach (AJAX request from one site to the other) won't work if the sites are on different domains, because of JavaScript security restrictions.

You might be able to work around this by using a hidden iframe for the post like this, but it's getting a little hacky.

minimalis